From edef6ef2f4e0787daa739ed8e233d26ae8c86f2b Mon Sep 17 00:00:00 2001
From: Oscar Guindzberg <oscar.guindzberg@gmail.com>
Date: Tue, 8 May 2018 14:10:31 -0300
Subject: [PATCH] Message.readBytes(): Fail fast if length is too large

Cherry pick https://github.com/bitcoinj/bitcoinj/commit/694955c98b7cc1896cfa636b56e9d4eefdc868b2
---
 core/src/main/java/org/bitcoinj/core/Message.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/src/main/java/org/bitcoinj/core/Message.java b/core/src/main/java/org/bitcoinj/core/Message.java
index e6f5cd2be3a8..fea88cf5d909 100644
--- a/core/src/main/java/org/bitcoinj/core/Message.java
+++ b/core/src/main/java/org/bitcoinj/core/Message.java
@@ -327,7 +327,7 @@ protected long readVarInt(int offset) throws ProtocolException {
     }
 
     protected byte[] readBytes(int length) throws ProtocolException {
-        if (length > MAX_SIZE) {
+        if ((length > MAX_SIZE) || (cursor + length > payload.length)) {
             throw new ProtocolException("Claimed value length too large: " + length);
         }
         try {